Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
Dear Release Team, I would like to propose the following changes to the dwarfutils package in stretch: * Add patch 02-fix-CVE-2017-9052.patch to fix CVE-2017-9052 and CVE-2017-9055 (Closes: #864064). * Add patch 03-fix-CVE-2017-9053.patch to fix CVE-2017-9053. * Add patch 04-fix-CVE-2017-9054.patch to fix CVE-2017-9054. * Add patch 05-fix-CVE-2017-9998.patch to fix CVE-2017-9998 (Closes: #866968). This update would fix all currently known vulnerabilities in the dwarfutils package in stretch. All changes have been cherry-picked from the upstream development repository, and all of them are already in unstable. I have attached the debdiff that I would like to apply to the current version in stable. Thank you! Kind regards, Fabian
diff -Nru dwarfutils-20161124/debian/changelog dwarfutils-20161124/debian/changelog
--- dwarfutils-20161124/debian/changelog 2016-11-25 14:23:27.000000000 +0100
+++ dwarfutils-20161124/debian/changelog 2017-07-11 15:33:51.000000000 +0200
@@ -1,3 +1,14 @@
+dwarfutils (20161124-1+deb9u1) stable; urgency=medium
+
+ * Add patch 02-fix-CVE-2017-9052.patch to fix CVE-2017-9052 and
+ CVE-2017-9055 (Closes: #864064).
+ * Add patch 03-fix-CVE-2017-9053.patch to fix CVE-2017-9053.
+ * Add patch 04-fix-CVE-2017-9054.patch to fix CVE-2017-9054.
+ * Add patch 05-fix-CVE-2017-9998.patch to fix CVE-2017-9998
+ (Closes: #866968).
+
+ -- Fabian Wolff <fabi.wo...@arcor.de> Tue, 11 Jul 2017 15:33:51 +0200
+
 dwarfutils (20161124-1) unstable; urgency=medium
 
 * New upstream release.
diff -Nru dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch
--- dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch 1970-01-01 01:00:00.000000000 +0100
+++ dwarfutils-20161124/debian/patches/02-fix-CVE-2017-9052.patch 2017-07-11 15:33:51.000000000 +0200
@@ -0,0 +1,31 @@
+Description: Fix CVE-2017-9052 and CVE-2017-9055
+Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/cc37d6917011733d776ae228af4e5d6abe9613c1/
+Bug: https://www.prevanders.net/dwarfbug.html#DW201703-006
+Bug-Debian: https://bugs.debian.org/864064
+Last-Update: 2017-07-08
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/libdwarf/dwarf_form.c
++++ b/libdwarf/dwarf_form.c
+@@ -934,6 +934,10 @@
+ switch (attr->ar_attribute_form) {
+
+ case DW_FORM_data1:
++ if (attr->ar_debug_ptr >= section_end) {
++ _dwarf_error(dbg, error, DW_DLE_DIE_BAD);
++ return DW_DLV_ERROR;
++ }
+ *return_sval = (*(Dwarf_Sbyte *) attr->ar_debug_ptr);
+ return DW_DLV_OK;
+
+--- a/libdwarf/dwarf_query.c
++++ b/libdwarf/dwarf_query.c
+@@ -377,7 +377,7 @@
+ }
+ if (_dwarf_reference_outside_section(die,
+ (Dwarf_Small*) info_ptr,
+- (Dwarf_Small*) info_ptr)) {
++ ((Dwarf_Small*) info_ptr)+1)) {
+ _dwarf_error(dbg, error,DW_DLE_ATTR_OUTSIDE_SECTION);
+ return DW_DLV_ERROR;
+ }
diff -Nru dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch
--- dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch 1970-01-01 01:00:00.000000000 +0100
+++ dwarfutils-20161124/debian/patches/03-fix-CVE-2017-9053.patch 2017-07-11 15:33:51.000000000 +0200
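Review bot: The `+1` added to the end argument of `_dwarf_reference_outside_section()` in the dwarf_query.c hunk of 02-fix-CVE-2017-9052.patch has no explanation, so the one-byte reasoning behind it is easy to lose in a later edit. I would add a comment above the call such as `/* end is exclusive: at least one byte must be readable at info_ptr */`; this reading is inferred from the change, so confirm it against the helper's definition. The `DW_FORM_data1` guard in dwarf_form.c tests only `attr->ar_debug_ptr >= section_end`, so it relies on the pointer already being at or above the section start, which the hunk does not show. Both enclosing functions start and end outside the hunks.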
@@ -0,0 +1,86 @@
+Description: Fix CVE-2017-9053
+Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/cc37d6917011733d776ae228af4e5d6abe9613c1/
+Bug: https://www.prevanders.net/dwarfbug.html#DW201703-005
+Bug-Debian: https://bugs.debian.org/864064
+Last-Update: 2017-07-08
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/libdwarf/dwarf_loc.c
++++ b/libdwarf/dwarf_loc.c
+@@ -237,6 +237,10 @@
+ break;
+
+ case DW_OP_const1u:
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
+@@ -247,6 +251,10 @@
+ break;
+
+ case DW_OP_const1s:
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Sbyte *) loc_ptr;
+ SIGN_EXTEND(operand1,1);
+ loc_ptr = loc_ptr + 1;
+@@ -372,6 +380,10 @@
+ break;
+
+ case DW_OP_pick:
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
+@@ -388,6 +400,10 @@
+ break;
+
+ case DW_OP_deref_size:
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
+@@ -401,6 +417,10 @@
+ break;
+
+ case DW_OP_xderef_type: /* DWARF5 */
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
+@@ -415,6 +435,10 @@
+ break;
+
+ case DW_OP_xderef_size:
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
+@@ -520,6 +544,10 @@
+ break;
+ case DW_OP_deref_type: /* DWARF5 */
+ case DW_OP_GNU_deref_type: /* 0xf6 */
++ if (loc_ptr >= section_end) {
++ _dwarf_error(dbg,error,DW_DLE_LOCEXPR_OFF_SECTION_END);
++ return DW_DLV_ERROR;
++ }
+ operand1 = *(Dwarf_Small *) loc_ptr;
+ loc_ptr = loc_ptr + 1;
+ if (loc_ptr > section_end) {
diff -Nru dwarfutils-20161124/debian/patches/04-fix-CVE-2017-9054.patch dwarfutils-20161124/debian/patches/04-fix-CVE-2017-9054.patch
--- dwarfutils-20161124/debian/patches/04-fix-CVE-2017-9054.patch 1970-01-01 01:00:00.000000000 +0100
+++ dwarfutils-20161124/debian/patches/04-fix-CVE-2017-9054.patch 2017-07-11 15:33:51.000000000 +0200
@@ -0,0 +1,23 @@
+Description: Fix CVE-2017-9054
+Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/cc37d6917011733d776ae228af4e5d6abe9613c1/
+Bug: https://www.prevanders.net/dwarfbug.html#DW201703-002
+Bug-Debian: https://bugs.debian.org/864064
+Last-Update: 2017-07-08
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/libdwarf/dwarf_leb.c
++++ b/libdwarf/dwarf_leb.c
+@@ -301,11 +301,11 @@
+ break;
+ }
+ ++leb128;
+- byte = *leb128;
+- byte_length++;
+ if (leb128 >= endptr) {
+ return DW_DLV_ERROR;
+ }
++ byte = *leb128;
++ byte_length++;
+ if (byte_length > BYTESLEBMAX) {
+ /* Erroneous input. */
+ if (leb128_length) {
diff -Nru dwarfutils-20161124/debian/patches/05-fix-CVE-2017-9998.patch dwarfutils-20161124/debian/patches/05-fix-CVE-2017-9998.patch
--- dwarfutils-20161124/debian/patches/05-fix-CVE-2017-9998.patch 1970-01-01 01:00:00.000000000 +0100
+++ dwarfutils-20161124/debian/patches/05-fix-CVE-2017-9998.patch 2017-07-11 15:33:51.000000000 +0200
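Review bot: The same four-line pre-read guard is pasted into seven opcode cases of dwarf_loc.c in 03-fix-CVE-2017-9053.patch (`DW_OP_const1u` through `DW_OP_deref_type`/`DW_OP_GNU_deref_type`), so a one-byte operand case added later can easily be written without it. Keeping the check in one helper, as sketched below, puts the bounds rule in a single reviewable place. With `loc_ptr >= section_end` rejected before the read, the existing `if (loc_ptr > section_end)` after the increment can no longer fire in these cases and should either be dropped or commented as defensive. Cases that read wider operands lie outside these hunks, so whether they have an equivalent pre-read check cannot be confirmed from this page.

```c
/* Return DW_DLV_ERROR unless at least one byte is readable at ptr. */
#define LOC_NEED_ONE_BYTE(ptr, end, dbg, error)                           \
    do {                                                                  \
        if ((ptr) >= (end)) {                                             \
            _dwarf_error((dbg), (error), DW_DLE_LOCEXPR_OFF_SECTION_END); \
            return DW_DLV_ERROR;                                          \
        }                                                                 \
    } while (0)

        case DW_OP_const1u:
            LOC_NEED_ONE_BYTE(loc_ptr, section_end, dbg, error);
            operand1 = *(Dwarf_Small *) loc_ptr;
            /* … unchanged: increment and the rest of the case … */
```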
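Review bot: In the dwarf_leb.c hunk of 04-fix-CVE-2017-9054.patch the two error exits treat the caller differently: the `leb128 >= endptr` branch returns `DW_DLV_ERROR` at once, while the `byte_length > BYTESLEBMAX` branch first tests `leb128_length` and presumably stores a length through it (its body is outside the hunk). If any caller reads `*leb128_length` after an error, the end-of-buffer path leaves it unset. A comment on the early return, for example `/* leb128_length is not written on this path */`, or a matching store, would make the contract explicit. The first byte of the value is read before this hunk, so whether that read is bounds-checked cannot be confirmed here.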
@@ -0,0 +1,41 @@
+Description: Fix CVE-2017-9998
+Origin: upstream, https://sourceforge.net/p/libdwarf/code/ci/e91681e8841291f57386f26a90897fd1dcf92a6e/
+Bug: https://www.prevanders.net/dwarfbug.html#DW201706-001
+Bug-Debian: https://bugs.debian.org/866968
+Last-Update: 2017-07-08
+---
+This patch header follows DEP-3: http://dep.debian.net/deps/dep3/
+--- a/libdwarf/dwarf_query.c
++++ b/libdwarf/dwarf_query.c
+@@ -524,11 +524,17 @@
+ if (res != DW_DLV_OK) {
+ return res;
+ }
+- if ((info_ptr + value_size) > die_info_end) {
+- /* Something badly wrong. We point past end
+- of debug_info or debug_types . */
+- _dwarf_error(dbg,error,DW_DLE_DIE_ABBREV_BAD);
+- return DW_DLV_ERROR;
++ {
++ /* ptrdiff_t is signed type, so use DW signed type */
++ Dwarf_Signed len = die_info_end - info_ptr;
++ if (len < 0 || (value_size > ((Dwarf_Unsigned)len))) {
++ /* Something badly wrong. We point past end
++ of debug_info or debug_types or a
++ section is unreasonably sized or we are
++ pointing to two different sections? */
++ _dwarf_error(dbg,error,DW_DLE_DIE_ABBREV_BAD);
++ return DW_DLV_ERROR;
++ }
+ }
+ info_ptr+= value_size;
+ } while (curr_attr != 0 || curr_attr_form != 0);
+@@ -679,7 +685,7 @@
+ but with a base. */
+ sectionsize = dbg->de_debug_addr.dss_size;
+ sectionend = sectionstart + sectionsize;
+- if ((addr_offset + context->cc_address_size) > sectionsize) {
++ if (addr_offset > (sectionsize - context->cc_address_size)) {
+ _dwarf_error(dbg, error, DW_DLE_ATTR_FORM_SIZE_BAD);
+ return (DW_DLV_ERROR);
+ }
diff -Nru dwarfutils-20161124/debian/patches/series dwarfutils-20161124/debian/patches/series
--- dwarfutils-20161124/debian/patches/series 2016-10-28 11:18:37.000000000 +0200
+++ dwarfutils-20161124/debian/patches/series 2017-07-11 15:33:51.000000000 +0200
@@ -1 +1,5 @@
 01-fix-makefile.patch
+02-fix-CVE-2017-9052.patch
+03-fix-CVE-2017-9053.patch
+04-fix-CVE-2017-9054.patch
+05-fix-CVE-2017-9998.patch
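Review bot: The rewritten check in the second dwarf_query.c hunk of 05-fix-CVE-2017-9998.patch, `addr_offset > (sectionsize - context->cc_address_size)`, removes the overflow of the old addition but can wrap in the other direction. If `sectionsize` is smaller than `cc_address_size` and both are unsigned (their declarations are outside the hunk), the subtraction yields a very large value and every `addr_offset` is accepted, for instance with an empty or truncated section. Testing the size first closes that case: `if (sectionsize < context->cc_address_size || addr_offset > (sectionsize - context->cc_address_size)) {`. The enclosing function starts and ends outside the hunk.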